CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42835
https://notcve.org/view.php?id=CVE-2024-42835
31 Oct 2024 — langflow v1.0.12 was discovered to contain a remote code execution (RCE) vulnerability via the PythonCodeTool component. • https://github.com/langflow-ai/langflow/issues/2908 •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-9277 – Langflow HTTP POST Request utils.py redos
https://notcve.org/view.php?id=CVE-2024-9277
27 Sep 2024 — A vulnerability classified as problematic was found in Langflow up to 1.0.18. Affected by this vulnerability is an unknown functionality of the file \src\backend\base\langflow\interface\utils.py of the component HTTP POST Request Handler. The manipulation of the argument remaining_text leads to inefficient regular expression complexity. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. • https://rumbling-slice-eb0.notion.site/Remote-Redos-in-https-github-com-langflow-ai-langflow-067159ced0d5494e91b06071384969c4?pvs=4 • CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7297 – Langflow Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-7297
30 Jul 2024 — Langflow versions prior to 1.0.13 suffer from a Privilege Escalation vulnerability, allowing a remote and low privileged attacker to gain super admin privileges by performing a mass assignment request on the '/api/v1/users' endpoint. • https://www.tenable.com/security/research/tra-2024-26 • CWE-913: Improper Control of Dynamically-Managed Code Resources •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-37014
https://notcve.org/view.php?id=CVE-2024-37014
10 Jun 2024 — Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the "POST /api/v1/custom_component" endpoint and provide a Python script. Langflow hasta la versión 0.6.19 permite la ejecución remota de código si los usuarios que no son de confianza pueden acceder al endpoint "POST /api/v1/custom_component" y proporcionar un script de Python. • https://github.com/langflow-ai/langflow/issues/1973 • CWE-94: Improper Control of Generation of Code ('Code Injection') •